Overview
Bitbucket Server integration supports:- Bitbucket Server 7.0+
- Bitbucket Data Center 7.0+
- Personal Access Token authentication
- Webhook integration for automated scanning
Connection Setup
1
Open Bitbucket Settings
In Bitbucket Server, click your profile → Manage account → Personal access tokens
2
Create Token
Click Create tokenToken name:
CodeThreat Security Scanner
Permissions: Select:- ✅ Projects: Read
- ✅ Repositories: Read
- ✅ Admin: (for webhook management)
3
Generate and Copy
Click Create and copy the token immediately
4
Add to CodeThreat
Settings → Integrations → Bitbucket ServerEnter your Bitbucket Server base URL (e.g.,
https://bitbucket.company.com)
Paste your Personal Access Token
Click Connect5
Import Repositories
Select repositories to scan from your Bitbucket Server instance
Configuration
Base URL Format
Enter your Bitbucket Server URL:- Include protocol (https://)
- No trailing slash
- No /scm or project paths
SSL Certificate
If your Bitbucket Server uses a self-signed SSL certificate:- Provide the CA certificate to CodeThreat support
- Or ensure a valid SSL certificate is configured
Webhook Configuration
CodeThreat creates webhooks for automated scanning.Required Permissions
The Personal Access Token needs Admin permission to create webhooks.Webhook Events
- Repository push: Trigger scans on commits
- Pull request opened: Scan new PRs
- Pull request updated: Rescan on changes
Verify Webhooks
- In Bitbucket Server: Repository → Settings → Webhooks
- Find webhook pointing to CodeThreat API endpoint
- Webhook should show as Enabled with recent successful deliveries
Pull Request Integration
Get security feedback in Bitbucket Server pull requests.PR Build Status
CodeThreat updates PR build status to show security scan results.PR Comments
Enable PR comments in repository settings to get:- Inline security findings
- Overall security summary
- AI-generated suggestions
Network Requirements
Firewall Configuration
Ensure connectivity between CodeThreat and your Bitbucket Server: Outbound from Bitbucket Server:- Allow HTTPS to
app.codethreat.com(webhooks)
- Allow HTTPS from CodeThreat IP addresses (for repository access)
SSL/TLS
Bitbucket Server must use:- TLS 1.2 or later
- Valid SSL certificate (or provide CA cert)
Best Practices
- Use dedicated service account for CodeThreat integration
- Set token expiration per security policy
- Whitelist CodeThreat IP addresses in firewall
- Enable PR scanning
- Test webhook delivery
Troubleshooting
Connection failed:- Verify base URL is correct and reachable
- Check token permissions (Projects: Read, Repositories: Read, Admin)
- Ensure SSL certificate is valid
- Verify firewall allows outbound HTTPS from CodeThreat
- Use a valid SSL certificate from a trusted CA
- Or provide your CA certificate to CodeThreat support
- Check certificate expiration
- Verify firewall allows outbound HTTPS from Bitbucket Server
- Whitelist
app.codethreat.comin firewall - Check webhook delivery logs in Bitbucket Server
- Verify token has Admin permission
- Verify token has Projects and Repositories read permissions
- Check service account has repository access
- Ensure repositories are not archived